If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Writing a port scanner in Java

With all the people writing port scanners of late, I thought I'd hop on to the bandwagon. I selected Java as my platform because that's the language I know best. I ran into a couple of problems straight off, as Java doesn't support Raw Sockets (so no SYN scans) and ICMP (so no ping) off the bat. However, once I decided to write a simple TCP connect scanner, it was easy. Anyway, I'll be taking you through the scanner, how it works and detailing every line of code. This tutorial is geared towards people who already know Java, so people who don't won't get too much out of it except some background information.

First, the concept behind the scanner. Java uses sockets to make TCP connections. Whenever a new socket is created, java first tries to make the connection. If the connection fails, it throws an IOException. This is the concept behind the main program loop. The port scanner is divided into 2 files, one that does the actual work, called JPortScanCore.java, and another that provides the user interface, called JPortScanCLI.java. I could have done it in a single file but that'd have made it harder to provide a GUI.

import java.net.*;
class JPortScanCore
{
Socket worker; //makes all the connections
int startPort, endPort; //what port to start at and what port to end at
int[] openPorts=new int[65535]; //this holds all the ports that are open. It's so big because it might need to accomodate 65535 ports in the unlikely event that all 65535 ports are open
String host; //stores the hostname/address of the target
InetAddress hostAddress; //stores the IP address of the target
....

The first line is a for loop that starts at startPort and ends at endPort. The first try... catch... finally block does the actual work. It creates a socket that tries to create a connection to the target. If it's possible, it sets the boolean variable b to true. If it isn't, b is set to false inside the catch block. The finally block closes the socket that frees it up for reuse. IOException is thrown by Socket.close() and must be caught. If the connection fails, worker is null, therefore, a NullPointerException must be caught too. Later on, the if block adds open ports to the openPorts[] array and increments the counter.

The next block of code is just a couple of alternative constructors. The first one scans all ports (1-65535) on the target. The second scans a single port.

Now that we're done with the main class, let's look at the implementation of a command line interface (CLI) for it. The file is called JPortScanCLI.java and it goes like this:

Code:

public class JPortScanCLI
{
static JPortScanCore jpsc=null; //make an instance of JPortScanCore for use in the class
public static void main(String[] args)
{
if(args.length==0||args.length&gt;3)
{
usage(); //if the arguments are not ok, prints a usage message and exits
}
...

The next bit of code does the actual initialization and calls the constructor.

A couple of things need to be explained here. First, the Integer.parseInt(int) throws a NumberFormatException that needs to be caught. This prevents text from being entered when ports are expected. Second, InetAddress.getByName(host) throws a UnknownHostException when the host IP cannot be resolved. I've caught it here since I've handled all errors/exceptions in the interface rather than the core file. This allows me to make modifications to the interface (like adding a GUI) without changing the core code.

This method prints the usage notes and exits. Nothing new here. If there is, you should be learning Java .

That's it for the code. There are a few things worth mentioning before I sign off. First, Java isn't exactly the ideal language to write a port scanner in, I just wanted to see if I could do it. Second, while raw sockets and ICMP aren't available in Java natively, an implementation of libpcap for Java, jpcap, allows you to do those things. jpcap can be found at http://jpcap.sourceforge.net. Third, the port scanner is really slow, one thing worth adding might be parallel scanning using threads. I might just do that later.

That's all for now. As usual, any comments, criticisms, flames and questions are welcome.

PM8228 aka silver-bullets and I were working on a java port scanner. We found a
problem where if the port was closed it took an insane amount of time to move on to
the next port. I don't know if this program has that problem but we solved it by putting
a timer on it. We had it going fairly fast in the end, and we were working on some
stuff to make it faster, but I guess we sort of got side tracked. It used threads. I'll
have to give this one a try and see how it performs. Soda, screw your GUI . j/k

With the threads how would you implement it? I doubt creating 65535 threads is a good idea. I would think maybe 65 threads that scan 1000 ports each might not be a bad idea.

I doubt whether 65 threads is a good idea either. I wouldn't like to use over 10 threads ever, but I guess you could let the user specify how many threads to use.

We found a problem where if the port was closed it took an insane amount of time to move on to
the next port.

It takes about 4 or 5 seconds I think, maybe a bit more. That's the default timeout value. Unfortunately, while Socket.connect() has a timeout value in one of the methods, the Socket() constructors don't. I'm looking at getting around that problem. Will let you know when I do.

Want a GUI?

Sure, if you don't mind rewriting it everytime I change the portscanner

I've written a program that takes a list of ip's and port numbers and creates an ftp connection to them using threads. The main part of this program creates a thread for a new connection, and does this until there are either 5 threads or no ip's left. The program actually creates about 120 threads through the program.

If people are interested, I can dig out the code for the guts of the program.

Actually java can handle raw socket requests, there are a couple of projects out there that plug into libpcap and libnet, useing a java native interface.
Have a look at http://jpcap.sourceforge.net/ for the libpcap stuff.
I can find the link for the stuff for libnet, ill post the link when I find it
SittingDuck

I know that, that's why the last paragraph of my tut says this:

There are a few things worth mentioning before I sign off. First, Java isn't exactly the ideal language to write a port scanner in, I just wanted to see if I could do it. Second, while raw sockets and ICMP aren't available in Java natively, an implementation of libpcap for Java, jpcap, allows you to do those things. jpcap can be found at http://jpcap.sourceforge.net.